Podman

Podman provides a Docker-compatible command line interface without requiring a central daemon.

It uses the same commands as Docker.

Installation

Setup:

sudo pacman -S podman

Network Configurations

Allow rootless containers to bind privileged ports (below 1024):

# Allow binding to ports 80 and 443 for rootless containers.
# Note: this sysctl is host-wide; every unprivileged process on the host
# (not only Podman) may then bind ports 80-1023.
echo 'net.ipv4.ip_unprivileged_port_start=80' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Alternative approach using port mapping, which leaves the sysctl untouched:

# Map host port 8080 to container port 80
podman run -p 8080:80 nginx:latest

Create and manage custom networks:

# Create a custom bridge network
podman network create --driver bridge webapp-network
# Run containers on the custom network; the postgres image refuses to start
# without POSTGRES_PASSWORD, so supply one (placeholder shown)
podman run -d --network webapp-network --name db -e POSTGRES_PASSWORD=<secret> postgres:13
podman run -d --network webapp-network --name app nginx:latest
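The two approaches above differ in who gets to bind low ports: lowering `net.ipv4.ip_unprivileged_port_start` affects every unprivileged process on the host, while a `-p` mapping only touches the one container. The POSIX shell functions below, added here as an example and not part of the original page, read the live sysctl (falling back to the kernel default of 1024 where `/proc` is unavailable), decide whether a port is bindable without `CAP_NET_BIND_SERVICE`, count how many privileged ports a given setting exposes, and suggest a `host:container` mapping instead. The `8000+PORT` convention for the suggested host port is an assumption of this example, chosen so that 80 maps to the page's own 8080.

```shell
#!/bin/sh
# Added example (not from the original page): reason about unprivileged port
# binding using the same sysctl the page tunes.

# Current value of net.ipv4.ip_unprivileged_port_start, read from /proc so no
# sysctl binary is needed. Falls back to the kernel default (1024) when the
# file is missing (e.g. on a non-Linux host).
unprivileged_port_start() {
    if [ -r /proc/sys/net/ipv4/ip_unprivileged_port_start ]; then
        cat /proc/sys/net/ipv4/ip_unprivileged_port_start
    else
        echo 1024
    fi
}

# port_allowed PORT [START]: exit 0 if PORT can be bound without
# CAP_NET_BIND_SERVICE, given START (defaults to the live sysctl value).
# Ports below START need root or the capability.
port_allowed() {
    port=$1
    start=${2:-$(unprivileged_port_start)}
    [ "$port" -ge "$start" ]
}

# privileged_ports_exposed START: number of ports in 0..1023 that setting the
# sysctl to START makes bindable by *every* local unprivileged process, not
# just Podman. The default (1024) exposes none; 80 exposes 944.
privileged_ports_exposed() {
    start=$1
    if [ "$start" -ge 1024 ]; then
        echo 0
    else
        echo $((1024 - start))
    fi
}

# suggest_mapping PORT START: print a "host:container" value for -p that avoids
# touching the sysctl. If PORT is already bindable it is published as-is;
# otherwise it is published on 8000+PORT (assumed convention; 80 -> 8080).
suggest_mapping() {
    port=$1
    start=$2
    if port_allowed "$port" "$start"; then
        echo "$port:$port"
    else
        echo "$((8000 + port)):$port"
    fi
}

# Example usage on the live host (commented out so the file only defines functions):
# port_allowed 80 && echo "port 80 is bindable unprivileged" || echo "port 80 needs a mapping"
# echo "privileged ports exposed: $(privileged_ports_exposed "$(unprivileged_port_start)")"
# echo "suggested -p value: $(suggest_mapping 80 "$(unprivileged_port_start)")"
```

Pass the second argument explicitly to evaluate a planned sysctl value before applying it; omit it to check the running kernel.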

User Namespace Configuration

Set up subUID and subGID ranges:

# Check current ranges
cat /etc/subuid
cat /etc/subgid
# Add ranges for a user (typically done during installation)
sudo usermod --add-subuids 100000-165535 --add-subgids 100000-165535 username

Systemd Integration

The Quadlet systemd integration guide provides declarative container management through systemd unit files.

Generate systemd service files:

# Generate a user service file (podman generate systemd is deprecated in
# recent Podman releases in favour of Quadlet, but still works)
podman generate systemd --new --name mycontainer --files
# Enable and start the service
systemctl --user enable container-mycontainer.service
systemctl --user start container-mycontainer.service
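The declarative alternative mentioned above is a Quadlet `.container` file rather than a generated service. The functions below, added as an example and not from the original page or the Podman project, write such a file into a directory, read keys back out of it, and return the service name Quadlet derives from it (`NAME.service`, with no `container-` prefix, unlike `podman generate systemd`). The directory is a parameter so the functions also work against a scratch directory; on a real host the user-level search path is `~/.config/containers/systemd/`. The sample image, port and hardening keys in `write_quadlet` are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original page): create and inspect a Quadlet
# .container unit. Keys under [Container] are Quadlet's own (see
# podman-systemd.unit(5)); [Unit], [Service] and [Install] are ordinary systemd.

# write_quadlet DIR NAME IMAGE PORT: create DIR/NAME.container publishing PORT
# ("host:container") with a couple of conservative hardening keys.
write_quadlet() {
    dir=$1
    name=$2
    image=$3
    port=$4
    mkdir -p "$dir"
    cat > "$dir/$name.container" <<EOF
[Unit]
Description=$name container (Quadlet)

[Container]
Image=$image
ContainerName=$name
PublishPort=$port
# Forbid privilege escalation inside the container and drop raw sockets.
NoNewPrivileges=true
DropCapability=NET_RAW

[Service]
Restart=always

[Install]
WantedBy=default.target
EOF
}

# quadlet_get FILE KEY: print the value of KEY (first match) from a unit file.
quadlet_get() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# quadlet_unit_name NAME: the systemd service Quadlet generates from
# NAME.container. Unlike podman generate systemd there is no "container-" prefix.
quadlet_unit_name() {
    echo "$1.service"
}

# Example usage on a real host (commented out so the file only defines functions):
# write_quadlet "$HOME/.config/containers/systemd" web docker.io/library/nginx:latest 8080:80
# systemctl --user daemon-reload
# systemctl --user start "$(quadlet_unit_name web)"
```

Quadlet units are not enabled with `systemctl enable`; the `[Install]` section in the file decides whether the generated service is wanted by `default.target`, and a `daemon-reload` regenerates it after any edit.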

Security Considerations

Run containers without root privileges:

# Verify rootless operation: container uid 0 should map to your own host uid,
# and the second line should match your /etc/subuid range
podman unshare cat /proc/self/uid_map
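The subUID ranges configured under User Namespace Configuration and the `uid_map` printed here are two views of the same thing: inside a rootless container, uid 0 maps to your own host uid and uids 1..N map onto your `/etc/subuid` range. The functions below, added as an example and not from the original page, parse `/etc/subuid`-style text (checking that a range is large enough and that no two users' ranges overlap, since overlapping ranges let one user's containers write files that another user's containers own) and interpret a `uid_map`, reporting rootless versus rootful and confirming that the mapping matches the subuid entry. The subuid lines and uid_map text are constructed sample data; on a real host pipe in `cat /etc/subuid` and `podman unshare cat /proc/self/uid_map` instead.

```shell
#!/bin/sh
# Added example (not from the original page): validate /etc/subuid entries and
# check a rootless Podman uid_map against them.

# Constructed /etc/subuid contents: two good entries, one too small (carol),
# one overlapping both alice and bob (dave).
SAMPLE_SUBUID='alice:100000:65536
bob:165536:65536
carol:300000:1000
dave:150000:65536'

# Constructed output of `podman unshare cat /proc/self/uid_map` for alice
# (host uid 1000). Columns: container-id host-id count.
SAMPLE_UID_MAP='         0       1000          1
         1     100000      65536'

# subuid_entry USER: print "start:count" for USER from subuid text on stdin;
# exit 1 if the user has no entry.
subuid_entry() {
    awk -F: -v u="$1" '$1 == u { print $2 ":" $3; found = 1 } END { exit !found }'
}

# subuid_big_enough START:COUNT: exit 0 if the range covers the 65536 ids that
# images expect; with a smaller range, images whose files use higher ids fail.
subuid_big_enough() {
    count=${1#*:}
    [ "$count" -ge 65536 ]
}

# subuid_overlaps: read subuid text on stdin and print every pair of users
# whose ranges intersect, one pair per line. Prints nothing when all are disjoint.
subuid_overlaps() {
    awk -F: '
    { user[NR] = $1; lo[NR] = $2; hi[NR] = $2 + $3 - 1 }
    END {
        for (i = 1; i <= NR; i++)
            for (j = i + 1; j <= NR; j++)
                if (lo[i] <= hi[j] && lo[j] <= hi[i])
                    print user[i] " " user[j]
    }'
}

# uid_map_mode: read uid_map text on stdin; print "rootless" when container
# uid 0 maps to a non-zero host uid, "rootful" when it maps to host uid 0.
uid_map_mode() {
    awk '$1 == 0 { print ($2 == 0 ? "rootful" : "rootless"); exit }'
}

# uid_map_matches_subuid START:COUNT: exit 0 if the uid_map line for container
# id 1 on stdin maps onto exactly the given subuid range.
uid_map_matches_subuid() {
    start=${1%%:*}
    count=${1#*:}
    awk -v s="$start" -v c="$count" '$1 == 1 { ok = ($2 == s && $3 == c) } END { exit !ok }'
}

# Example usage on a real host (commented out so the file only defines functions):
# range=$(subuid_entry "$USER" < /etc/subuid) || echo "no subuid entry for $USER"
# subuid_big_enough "$range" || echo "subuid range for $USER is smaller than 65536"
# subuid_overlaps < /etc/subuid
# podman unshare cat /proc/self/uid_map | uid_map_mode
# podman unshare cat /proc/self/uid_map | uid_map_matches_subuid "$range" || echo "uid_map does not match /etc/subuid"
```

The same checks apply to `/etc/subgid` and `gid_map`; only the file names change.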

Use security profiles:

# Run with an AppArmor profile
podman run --security-opt apparmor=my-profile alpine:latest
# Run with an SELinux context
podman run --security-opt label=type:container_runtime_t alpine:latest